[Kea-users] Kea logging

Mikael Bjerkeland mikael at bjerkeland.com
Mon Dec 11 10:43:25 UTC 2017


That's what we are doing, but the intention is for the Splunk Add-on
(basically what Logstash calls a module) to provide all the regex required
to parse the logs and enrich them with the required metadata to understand
what each log message means without having to look it up in the reference
guide. I will add more extractions to the add-on, which is basically regex
that can be re-used in whatever logging platform you use, so it might be of
interest even for those not using Splunk.

Mikael

2017-12-05 15:41 GMT+01:00 Munroe Sollog <mus3 at lehigh.edu>:

> I am not familiar with Splunk as we use Logstash, but can't you just use
> syslog to forward them to Splunk and then just parse them accordingly?
>
> On Tue, Dec 5, 2017 at 9:39 AM, Mikael Bjerkeland <mikael at bjerkeland.com>
> wrote:
>
>> I am also interested in this. I started writing a Splunk add-on to
>> extract and parse the logs. Posting the URL in case anyone else needs this:
>>
>> https://github.com/inspired/TA-isc-kea-dhcp-server-add-on-for-splunk-enterprise
>>
>>
>> On 5 Dec 2017 at 15:35, "Munroe Sollog" <mus3 at lehigh.edu> wrote:
>>
>>> I'm using this document as reference:
>>>
>>> http://kea.isc.org/docs/kea-messages.html#messages
>>>
>>> When it comes to DHCP the decades-old process has long been understood
>>> as DORA or DORG
>>>
>>> Discover, Offer, Request/Renew, Acknowledge/Grant
>>>
>>> Looking at my logs and the above website, it looks like the ISC has
>>> abandoned these words and replaced them with things like "LEASE_ALLOC" and
>>> "LEASE_ADVERT" and "INIT_REBOOT". I have not been able to find an
>>> equivalent message for discover yet.
>>>
>>> As a system/network administrator, I found it incredibly useful to be
>>> able to follow the DORA process in the logs, especially when
>>> troubleshooting a problem.
>>>
>>> Am I missing a configuration parameter that might restore some of this
>>> functionality?
>>>
>>> --
>>> Munroe Sollog
>>> Senior Network Engineer
>>> munroe at lehigh.edu
>>>
>
>
> --
> Munroe Sollog
> Senior Network Engineer
> munroe at lehigh.edu
>



-- 
Hug a tree before you print this e-mail